QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3596

Published: Feb 24, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

Vendor	Product	Versions
n/a	ImageMagick	affected `ImageMagick 7.0.10-31`

Weaknesses (CWE)

References

https://github.com/ImageMagick/ImageMagick/issues/2624

https://bugzilla.redhat.com/show_bug.cgi?id=1970569

[debian-lts-announce] 20220514 [SECURITY] [DLA-3007-1] imagemagick security update

mailing-list

[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.